Data stored in storage media in computing devices is commonly protected by a password or security code to prevent unauthorized access of the data. For applications where high levels of security are required, data may be stored in an encrypted form so that it cannot be read by an unauthorized user who gains access to it.
Encryption algorithms transform unencrypted plaintext information into encrypted data using an encryption key. Once encrypted, the data is unreadable to anyone except those who possess, or are able to generate, the encryption key. Encryption algorithms use the encryption key to transform encrypted data into a readable form that can be displayed to the user.
The encryption key is a security code comprising a string of bits that is input to the encryption algorithm with data to transform the data to/from encrypted form. It is desirable that the string of bits be long enough to provide a sufficient level of unpredictability, or entropy, such that an unauthorized user cannot guess or otherwise break the key by, for example, trying different possible combinations of bits, and decrypt the data.
Typically, users are not required to input the encryption key directly, since in secure systems the string of data is too long to be easily remembered or input. More commonly, the user enters a password that is known only to authorized users, and which is converted using a mathematical transformation such as a hash function into a security code. The security code may then be used as the encryption key, or may be used as a seed for the encryption key, to encrypt or decrypt data.
Most commonly, passwords used for these purposes are alphanumeric. To improve security, these alphanumeric passwords may be generated as one time pass codes (OTPs), for example by providing the user with a “tag” or other device containing logic for generating a time and/or event related code. Alternatively, the password may be simply a word or alphanumeric string that the user remembers. In either case, a balance is required between the level of password complexity needed to provide enough entropy to ensure the encrypted data is secure, and the need for the password to be relatively easy to remember and/or enter into the computing device to decrypt the relevant data.
Achieving an appropriate balance between password complexity and ease of use is particularly difficult in systems where users are able to choose a password. It is well known that users tend to favor short, easy to remember, and easy to enter, passwords. Unfortunately, passwords that fall into this category are also the easiest to guess, break, or otherwise breach, since they contain low levels of entropy and are therefore less secure.
Methods in which a user enters a “graphical password” by drawing a continuous line grid are known. The coordinates of the cells of the grid through which the line passes are used to define a password. Although such methods may enable passwords to be more easily remembered, they are not capable of generating security codes with high levels of entropy, because of the number of cells in the grids used is, in practice, relatively limited.
It is an object of the present invention to at least mitigate some of the problems of the prior art.